WO2014015759A1 - Method for terminal identity verification and service authentication, system and terminal - Google Patents
- Publication number
- WO2014015759A1 (PCT/CN2013/079552)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- user
- service provider
- code
- unique code
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- The present invention relates to information security technologies in mobile communication systems, and in particular to a method, system and terminal for terminal identity authentication and service authentication.
Background
- The traditional mobile communication terminal security strategy mainly focuses on the single-host domain, that is, a security policy for a single user with a single host, in which the user performs security management on the terminal device that he or she holds.
- The above security policies mainly include: user terminal device legality, for example, the user sets a power-on password for the terminal so that an illegal user cannot turn it on; function usage rights management, for example, restricting browsing of information stored in the terminal device; encryption of private information, for example, encrypting documents; and other local security management.
- These security policies do not involve the wireless delivery of user information, user identification, and service provider authentication of services submitted by users.
- The main purpose of the embodiments of the present invention is to provide a method, a system, and a terminal for terminal identity authentication and service authentication, so as to ensure the security of the terminal user's personal private information and prevent malicious interception during wireless transmission.
- A method for terminal identity authentication and service authentication, comprising:
- a user unique code is generated according to user-specific information in the SIM card, and the name of the user-specific information is encrypted and sent to the trusted cloud control center together with the user unique code;
- the service provider generates a unique code according to its specific information, and sends the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
- the trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications have passed, sends the communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the current service.
- The user unique code is generated as follows: the terminal applies a hash algorithm to user-specific information in the SIM card to generate the user unique code; the user-specific information in the SIM card is a subset of the set of user-specific information stored in the SIM card.
- Encrypting the name of the user-specific information means encrypting the name of the user-specific information by using a personal identification code (PIN).
- The trusted cloud control center authenticates the terminal and the service provider according to the unique codes as follows:
- the trusted cloud control center decrypts the name of the user-specific information sent by the terminal, finds the corresponding user-specific information in its own storage server according to the name obtained by the decryption, and generates a corresponding character string by using a hash algorithm; it compares the calculated string with the user unique code sent by the terminal, and if they are the same, the terminal authentication has passed; otherwise, the authentication has failed;
- the trusted cloud control center generates a corresponding character string by using a hash algorithm according to the name of the specific information of the service provider obtained by decryption, and compares the string with the unique code sent by the service provider; if they are the same, the authentication has passed; otherwise, the authentication has failed.
- The communication code comprises: a one-time key and a digital certificate.
- The method further includes: after the service is completed, the terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code, that is, it notifies the service provider to delete the communication code and its own unique code,
- and notifies the trusted cloud control center to delete the communication code and the unique codes of the terminal and the service provider.
- A system for terminal identity authentication and service authentication, comprising: a terminal, a service provider, and a trusted cloud control center; wherein
- the terminal is configured to, after initiating a service request, generate a user unique code according to user-specific information in the SIM card, encrypt the name of the user-specific information, and send it to the trusted cloud control center together with the user unique code;
- the service provider is configured to generate a unique code according to its specific information, and send the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
- the trusted cloud control center is configured to authenticate the terminal and the service provider according to the unique codes and, when it determines that both authentications have passed, send the communication code to the terminal and the service provider, so that the two communicate according to the communication code to complete the service.
- The terminal is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, to notify the service provider to delete the communication code and its own unique code, and to notify the trusted cloud control center to delete the communication code and the unique codes of the terminal and the service provider; correspondingly,
- the service provider is further configured to delete the communication code and its own unique code after receiving the notification from the terminal;
- the trusted cloud control center is further configured to, after receiving the notification from the terminal, delete the communication code and the unique codes of the terminal and the service provider.
- A terminal configured to, after initiating a service request, generate a user unique code according to user-specific information in the SIM card, encrypt the name of the user-specific information, and send it together with the user unique code.
- The terminal is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, to notify the service provider to delete the communication code and its own unique code, and to notify the trusted cloud control
- center to delete the communication code, as well as the unique codes of the terminal and the service provider.
- In the method, system and terminal for terminal identity authentication and service authentication provided by the embodiments of the present invention, after the terminal initiates a service request, the user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and sent to the trusted cloud control center together with the user unique code; the service provider generates a unique code according to its own specific information, and sends the encrypted name of the specific information together with the generated unique code to the trusted cloud control center;
- the trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications have passed, sends the communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the current service.
- The user unique code is generated from the information carried by the existing SIM card without increasing the user's existing terminal resources, and the unique code is calculated with a hash algorithm; because the algorithm is irreversible, even if a malicious user intercepts the unique code, he cannot obtain any valuable information from it, which ensures that the user information is safe and the user is not impersonated.
- The communication code encrypts the communication data of both the terminal and the service provider, so the security of the terminal user's and the service provider's information is also ensured.
- the method of obtaining a word certificate, completing a digital signature, and the like requires a specific hardware device to support.
- The embodiment of the present invention relies on the user terminal, the service provider, and the trusted cloud control center communicating with each other, and does not require
- the user to purchase additional new hardware devices; therefore,
- the implementation method of the embodiment of the invention can reduce the user's cost.
- After the service is completed, the terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code, which further ensures the security of the terminal's and the service provider's information.
- FIG. 1 is a schematic flowchart of a method for implementing terminal authentication and service authentication according to an embodiment of the present invention;
- FIG. 2 is a schematic structural diagram of a system for terminal identity verification and service authentication according to an embodiment of the present invention;
- FIG. 3 is a schematic structural diagram of an embodiment of a service provider according to an embodiment of the present invention;
- FIG. 4 is a schematic structural diagram of an embodiment of a trusted cloud control center according to an embodiment of the present invention.
Detailed description
- The user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and sent to the trusted cloud control center together with the user unique code;
- the service provider generates a unique code according to its specific information, and sends the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
- the trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications have passed, sends the communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the service.
- The terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code.
- The name of the user-specific information is encrypted by using a Personal Identification Number (PIN);
- the communication code includes: a one-time key and a digital certificate.
- FIG. 1 is a schematic flowchart of a method for implementing terminal identity verification and service authentication according to an embodiment of the present invention. As shown in FIG. 1, the implementation steps of the process are as follows:
- Step 101: After the terminal initiates the service request, the user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and then sent to the trusted cloud control center together with the user unique code;
- The terminal initiates a service request to the service provider and, according to user-specific information in the SIM card, such as the PIN, the International Mobile Subscriber Identity (IMSI), the authentication key (KI), the temporary mobile subscriber identity (TMSI) and so on, uses the hash algorithm to generate the user unique code.
- The user-specific information is a subset of the set of user-specific information stored in the SIM card, that is, it includes a part of the information stored in the SIM card; the terminal user can select, through the application provided by the service provider,
- the type and number of items of information in the subset, for example:
- This function algorithm may use a hash algorithm, but is not limited to this algorithm.
- The hash algorithm is preferred because the algorithm is irreversible: even if a malicious user intercepts the unique code, he cannot obtain any valuable information from it, which ensures that the user information is safe and the user is not impersonated.
- The hash algorithm is unique. As long as the elements in the subset or their number change, the user will get a different unique code. This ensures that a malicious person cannot forge the user unique code by tampering with the subset of user-specific information and using the same hash algorithm.
- The novel unique code based on the user-specific information in the SIM card serves, in the embodiment of the present invention, as an important piece of information in the security policy process, and ensures that the user identity is not impersonated and the user information is not tampered with.
- The user can regenerate a unique code, that is, each time the user selects a different combination from the user-specific information selection interface described above to generate a new subset of the user-specific information, and then uses this subset as the input of the hash calculation, a one-time user unique code is obtained.
- This user unique code is random.
- Generation of the user unique code is independent of the terminal device, so the same SIM card can be used to complete services on different terminal devices.
- The name of the user-specific information is encrypted by using the PIN, and sent to the trusted cloud control center together with the user unique code.
- The name of the user-specific information corresponds to the user-specific information selected when the user unique code is generated, that is, if the user-specific information subset includes three items of user-specific information, the number of names of user-specific information to be encrypted here
- is also three.
- The user-specific information is a specific value, for example,
- the IMSI value is a 15-digit decimal number, while
- the name of the user-specific information is "IMSI" itself.
- The name of the user-specific information is sent to the trusted cloud control center, where it is used for subsequent authentication by the trusted cloud control center;
- the encryption algorithm for the name of the user-specific information is an existing encryption algorithm, and the algorithm has been negotiated between the terminal and the trusted cloud control center.
- Step 102: The service provider generates a unique code according to the specific information of the service provider, and sends the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
- The service provider generates its own unique code according to specific information that has been registered in the trusted cloud control center, such as an ID and a QR code; the generation process is the same as the process of generating the user unique code and also uses a hash algorithm, so it is not detailed here. Similarly, the service provider needs to encrypt the name of its specific information and send it to the trusted cloud control center along with the generated unique code.
- Step 103: The trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications have passed, sends the communication code to the terminal and the service provider, and the two communicate according to the communication code to complete this service;
- The trusted cloud control center decrypts the name of the user-specific information sent by the terminal, finds the corresponding user-specific information in the storage server according to the name obtained by the decryption, and uses the same hash algorithm to generate a corresponding character string; the calculated character string is compared with the user unique code sent by the terminal. If they are the same, the terminal authentication has passed; otherwise, the authentication has failed.
- The authentication process for the service provider is the same as the terminal authentication process, that is: according to the name of the specific information obtained by decryption, a hash algorithm is used to generate a corresponding string, and the string is compared with the unique code sent by the service provider; if they are the same, the authentication has passed; otherwise, the authentication has failed.
- When the trusted cloud control center determines that the authentication of both the terminal and the service provider has passed, the communication code of the service is sent separately to the terminal and the service provider, and the terminal and the service provider communicate with each other according to the communication code to complete this service.
- The information includes but is not limited to: a one-time key and a digital certificate.
- Information sent by the terminal and the service provider to each other needs to be encrypted by using the one-time key in the communication code.
- the one-time key in the communication code may also be one-time, which can ensure the security of the user information and prevent the user information from being maliciously falsified.
- The end user can also make sure that the service provider's service is authenticated, as described in the following embodiments.
- The embodiment of the present invention further includes Step 104: after the service is completed, the terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code;
- The service provider and the trusted cloud control center may be notified to delete the communication code and the unique code of the service, that is, the service provider deletes
- the communication code of the service and its own unique code; the trusted cloud control center deletes the communication code of the current service and the unique codes of both the terminal and the service provider. This step further ensures the security and privacy of user information.
- Step 1: The user terminal enters the application interface provided by the bank to initiate a service process, selects several items of user-specific information stored in the SIM card in the bank's selection interface, and calculates a user unique code through a hash algorithm; it encrypts the name of the user-specific information with the PIN, sends the two together to the trusted cloud control center, and sends the service request information to the bank.
- Step 2: After receiving the service request information sent by the terminal, the bank uses the same
- hash algorithm as in Step 1 to obtain the unique code of the bank based on the specific information registered in the trusted cloud control center, encrypts the name of the specific information, and sends the unique code and the encrypted name of the specific information to the trusted cloud control center.
- Step 3: The trusted cloud control center, according to the name of the user-specific information and the name of the bank-specific information obtained by decryption, finds the specific information in its own storage server and obtains the character strings corresponding to the terminal and the bank by using the same hash algorithm; if the corresponding strings are the same as the unique codes of the terminal and the bank, it determines that the two are legitimate, and sends the one-time key and the digital certificate for encrypting the service information to the terminal and the bank respectively.
- Step 4: After the terminal receives the pass code, the user performs a digital signature, and the terminal sends the user's digital signature to the bank;
- the terminal also sends the digital signature to the trusted cloud control center for storage, thereby ensuring the non-repudiation of the entire service process and ensuring the tangible benefits of the user and the bank.
- Step 5: After receiving the user's digital signature, the bank completes the identity verification/service authentication of the user; the bank encrypts the service-specific information and the identity identification information by using the one-time key issued by the trusted cloud control center, and sends them to the user terminal; this set of encrypted information may be referred to as a function code.
- Step 6: After receiving the function code, the user terminal decrypts it, and can verify the identity of the bank according to the bank identification information obtained by decryption; it then further completes the service information, encrypts it, and sends it to the bank.
- Step 7: The bank completes the verification of the detailed service information and completes the current service.
- The bank opens the corresponding authority for the user, and sends encrypted inquiry information to the user terminal, asking whether the user needs additional service items within that authority.
- Step 8: If the user still needs other services, Steps 6 to 7 are repeated. If the user agrees to complete the entire service, the terminal sends the encrypted completion code to the bank and the trusted cloud control center to inform them to delete the key and the unique code of the service.
- Step 9: The bank receives the notification confirming the completion of the service and discards the one-time key and its own unique code.
- Step 10: After receiving the notification, the trusted cloud control center discards the one-time key of the service and the unique codes of the terminal and the bank.
- The embodiment of the present invention further provides a system for terminal identity verification and service authentication.
- The system includes: a terminal 21, a service provider 22, and a trusted cloud control center 23; wherein the terminal 21 is configured to, after initiating a service request, generate a user unique code according to the user-specific information in the SIM card, encrypt the name of the user-specific information, and send it to the trusted cloud control center together with the user unique code;
- the service provider 22 is configured to generate a unique code according to its specific information, and send the encrypted name of the specific information to the trusted cloud control center together with the generated unique code; the trusted cloud control center 23 is configured to authenticate the terminal and the service provider according to the unique codes and, when it determines that both authentications have passed, send the communication code to the terminal and the service provider, so that the two communicate according to the communication code to complete the service.
- The terminal 21 is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, to notify the service provider to delete the communication code and its own unique code, and to notify the trusted cloud
- control center to delete the communication code and the unique codes of the terminal and the service provider; correspondingly,
- the service provider 22 is further configured to, after receiving the notification from the terminal, delete the communication code and its own unique code; the trusted cloud control center 23 is further configured to, after receiving the notification from the terminal, delete the communication code and the unique codes of the terminal and the service provider.
- The embodiment of the present invention further provides a terminal, where the terminal is configured to, after initiating a service request, generate a user unique code according to user-specific information in the SIM card, encrypt the name of the user-specific information, and send it together with the user unique code to the trusted cloud control center.
- The terminal is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, to notify the service provider to delete the communication code and its own unique code, and to notify the trusted cloud control
- center to delete the communication code, as well as the unique codes of the terminal and the service provider.
- FIG. 3 is a schematic structural diagram of an embodiment of a service provider according to an embodiment of the present invention, including: a communication module 31, a storage server 32, an encryption/decryption operation module 33, and a control center 34.
- The communication module 31 is configured to communicate with the terminal and the trusted cloud control center, and to transmit data between the local end and the terminal and the trusted cloud control center;
- the storage server 32 is configured to store the service provider's own specific information, the communication code, and its own unique code;
- the encryption/decryption operation module 33 is configured to encrypt the name of the service provider's own specific information; the control center 34 is configured to generate a unique code according to the service provider's own specific information, and send it, together with the encrypted name of the specific information, to the trusted cloud control center via the communication module;
- the control center 34 is further configured to delete the communication code stored in the storage server and its own unique code after receiving the notification from the terminal.
- FIG. 4 is a schematic structural diagram of an embodiment of a trusted cloud control center according to an embodiment of the present invention, including: a communication module 41, a storage server 42, an encryption/decryption operation module 43, a certificate generation server 44, a key generation server 45, and a control center. 46.
- the communication module 41 is configured to communicate with the terminal and the service provider, and transmit data between the local data and the terminal and the service provider;
- the storage server 42 is configured to store a unique code sent by the terminal and the service provider, a name of the encrypted specific information of the service provider, and a name of the encrypted user-specific information of the terminal; storing the registered end user specific Information and service provider specific information; a communication code generated by the certificate generation server and the key generation server;
- the encryption/decryption operation module 43 is configured to decrypt the name of the service provider's encrypted specific information and the name of the encrypted user-specific information of the terminal;
- the certificate generation server 44 is configured to generate a digital certificate in the communication code;
- the key generation server 45 is configured to generate a one-time key in the communication code;
- the control center 46 is configured to authenticate the terminal and the service provider and, on determining that both authentications are passed, to send the communication code to the terminal and the service provider via the communication module; the control center 46 is further configured to delete the storage server after receiving the notification from the terminal.
- the terminal includes, but is not limited to, a Portable Application Description (PAD), a smart phone, and an Ultrabook, and the method can also be applied to general mobile phones, data cards, and other terminal products that can support 3G network services.
- the specific implementation steps of the method of the present invention include, but are not limited to, the above process; new process steps may be defined, or process steps streamlined, for services of different security levels and application scopes, to achieve flexible use.
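The role of the trusted cloud control center described above, as an added sketch that is not code from the patent. It assumes the irreversible unique code is SHA-256 over the specific information, that the center checks a submitted code by recomputing it from the registered record, and that the name of the specific information arrives already decrypted; the digital certificate is omitted and all class, function and sample names are hypothetical.

```python
import hashlib
import hmac
import secrets

def unique_code(specific_info: bytes) -> str:
    # Assumption: the irreversible calculation is modelled as SHA-256.
    return hashlib.sha256(specific_info).hexdigest()

class TrustedCloudControlCenter:
    def __init__(self):
        self.registered = {}  # record name -> registered specific information
        self.pending = {}     # session -> {record name: submitted unique code}
        self.issued = {}      # session -> one-time key of the communication code

    def register(self, name, specific_info):
        self.registered[name] = specific_info

    def submit(self, session, name, code):
        self.pending.setdefault(session, {})[name] = code

    def _authenticated(self, name, code):
        info = self.registered.get(name)
        # Recompute from the registered record; compare in constant time.
        return info is not None and hmac.compare_digest(unique_code(info), code)

    def issue_communication_code(self, session, terminal, provider):
        codes = self.pending.get(session, {})
        if not all(n in codes and self._authenticated(n, codes[n])
                   for n in (terminal, provider)):
            return None  # one side missing or failed: nothing is issued
        self.issued[session] = secrets.token_hex(16)
        return self.issued[session]

    def on_terminal_notification(self, session):
        # Assumption: the per-session codes are what gets deleted.
        self.pending.pop(session, None)
        self.issued.pop(session, None)

def run_demo():
    # Constructed sample values, not taken from the patent.
    center = TrustedCloudControlCenter()
    center.register("user-record", b"constructed-sim-info")
    center.register("sp-record", b"constructed-provider-info")
    center.submit("s1", "user-record", unique_code(b"constructed-sim-info"))
    center.submit("s1", "sp-record", unique_code(b"forged-provider-info"))
    rejected = center.issue_communication_code("s1", "user-record", "sp-record")
    center.submit("s1", "sp-record", unique_code(b"constructed-provider-info"))
    key = center.issue_communication_code("s1", "user-record", "sp-record")
    center.on_terminal_notification("s1")
    return rejected, key, center.pending, center.issued
```

In this sketch the unique code depends only on static information, so it is identical on every request; only the one-time key changes per session.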
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention relates to a terminal identity verification and service authentication method, comprising the following steps: after initiating a service request, a terminal generates a unique user code according to the user-specific information on a SIM card, encrypts the name of the user-specific information, and sends the user-specific information together with the unique user code to a trusted cloud control center; a service provider generates a unique code according to its own specific information and sends the name of its encrypted specific information together with the generated unique code to the trusted cloud control center; the trusted cloud control center authenticates the terminal and the service provider according to the unique code and sends a communication code to the terminal and the service provider when both the terminal and the service provider are successfully authenticated; and the terminal and the service provider communicate according to the communication code to complete the service in question. The invention also relates to a system and a terminal. The method, the system and the terminal ensure the security of the personal private information of a terminal user, thereby preventing the information from being maliciously intercepted during wireless transmission.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2879910A CA2879910C (fr) | 2012-07-24 | 2013-07-17 | Terminal identity verification and service authentication method, system and terminal |
EP13823645.0A EP2879421B1 (fr) | 2012-07-24 | 2013-07-17 | Terminal identity verification and service authentication method, system and terminal |
US14/417,024 US9445269B2 (en) | 2012-07-24 | 2013-07-17 | Terminal identity verification and service authentication method, system and terminal |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210257464.1A CN102761870B (zh) | 2012-07-24 | 2012-07-24 | Terminal identity verification and service authentication method, system and terminal |
CN201210257464.1 | 2012-07-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014015759A1 (fr) | 2014-01-30 |
Family
ID=47056158
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2013/079552 WO2014015759A1 (fr) | 2012-07-24 | 2013-07-17 | Terminal identity verification and service authentication method, system and terminal |
Country Status (5)
Country | Link |
---|---|
US (1) | US9445269B2 (fr) |
EP (1) | EP2879421B1 (fr) |
CN (1) | CN102761870B (fr) |
CA (1) | CA2879910C (fr) |
WO (1) | WO2014015759A1 (fr) |
2012
- 2012-07-24 CN CN201210257464.1A patent/CN102761870B/zh active Active
2013
- 2013-07-17 CA CA2879910A patent/CA2879910C/fr active Active
- 2013-07-17 EP EP13823645.0A patent/EP2879421B1/fr active Active
- 2013-07-17 US US14/417,024 patent/US9445269B2/en active Active
- 2013-07-17 WO PCT/CN2013/079552 patent/WO2014015759A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
US20150208238A1 (en) | 2015-07-23 |
CA2879910A1 (fr) | 2014-01-30 |
CA2879910C (fr) | 2018-02-13 |
CN102761870B (zh) | 2015-06-03 |
EP2879421B1 (fr) | 2019-09-11 |
CN102761870A (zh) | 2012-10-31 |
US9445269B2 (en) | 2016-09-13 |
EP2879421A1 (fr) | 2015-06-03 |
EP2879421A4 (fr) | 2015-10-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13823645 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2879910 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14417024 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013823645 Country of ref document: EP |